On Sun, 17 Jun 2001, paul miles wrote: :Does anyone know of methods that can be used to identify systems on a :network that will forward IP traffic? : :Whether they be routers or an NT or Linux system that is set up to route :traffic with a few static routes set up. There are a few different ways to do this, which amount to playing Find The Router. Netmask style: ICMP type 17 (netmask request) to see if it is a part of a smaller subnet than other hosts on the network. Firewalk style: Get the range of IP addresses, choose a reasonable TTL for your packets that is >= the number of hops you are away from the network address of the netblock you are scanning, use port 25 or 80 or udp 53 and watch for TTL exceeded messages from routers. If somthing doesn't respond at all, increate the TTL by 1 until you either find the host, or it is totally improbable that there are that many routers that are supressing icmp unreachable messages. SNMP style: Check for ip.ipForward=1 on the interface. Routed style: Routed runs on udp/520. Zebra style: port 2601 for vty access, along with 179 for BGP and 2605 for zebra's BGPd. Just check /etc/services for various ports for routing protocols. There is no garuntee the host is routing, but if these services are running, it's probably a safe bet. There are some easier ways if you are close to the network, or on it using source routing, arp information, sniffing etc, but these should confirm it in most situations. -- batz Reluctant Ninja Defective Technologies
This archive was generated by hypermail 2b30 : Mon Jun 18 2001 - 18:01:37 PDT